Re: GTK+-1.2.9 Released



Paul Davis <pbd op net> writes:

> >> > * Refuse to initialize GTK+ when setuid (http://www.gtk.org/setuid.html)
> >
> >
> >It includes setgid, however, the check does not kick in if
> >the program has already dropped setgid privileges before initializing
> >GTK+.
> 
> What's the nature of the check?

Well, it's probably easiest to refer to the sources:

====
#ifdef HAVE_GETRESUID
  if (getresuid (&ruid, &euid, &suid) != 0 ||
      getresgid (&rgid, &egid, &sgid) != 0)
#endif /* HAVE_GETRESUID */
    {
      suid = ruid = getuid ();
      sgid = rgid = getgid ();
      euid = geteuid ();
      egid = getegid ();
    }

  if (ruid != euid || ruid != suid ||
      rgid != egid || rgid != sgid)
    {
      g_warning ("This process is currently running setuid or setgid.\n"
		 "This is not a supported use of GTK+. You must create a helper\n"
		 "program instead. For further details, see:\n\n"
		 "    http://www.gtk.org/setuid.html\n\n"
		 "Refusing to initialize GTK+.");
      exit (1);
    }
====

If this check is failing, you haven't dropped privileges successfully.

> Do I need to use seteuid() or setruid() or something else to get GTK
> to believe that I've dropped setuid privileges? My programs are
> soft-real-time audio systems that are intended to run on primarily
> dedicated workstations, and need to use POSIX RT scheduling and
> mlock(2) to ensure adequate performance. I attempt to drop setuid
> before starting GTK. I understand the problems it can cause, and so
> although there is no way I can afford to modify the programs to meet
> the model described by the link above, I would like to at least drop
> the privilege in an appropriate way.

Dropping root privileges should be as simple as setuid(getuid()).

Dropping non-root privileges can be harder to do portably - to give
an example of how you might go about it, here's a function from
gnome-libs/gnome-score.c:

====
static void 
drop_perms (void)
{
   gid_t gid = getegid ();
   
   setregid (getgid (), getgid ());     /* on some os'es (eg linux) this
                                         * incantation will also drop the
                                         * saved gid */
   /* see if we can set it back -- if we can, saved id wasnt dropped */
   if (gid != getgid() && !setgid (gid))
     {
        if (getuid())
          g_warning ("losing saved gid implementation detected, "
                     "get a real OS :)\n");
        setgid (getgid ());
     }
}
====
 
> And note: I will soon be using capabilities instead. Is GTK planning
> to do anything special about programs which have the RESOURCE
> capability ?

I have no current plans to make the check more complex.

Regards,
                                        Owen
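
Added example, not part of the original message and not GTK+ or gnome-libs code: the check quoted above written as a predicate, plus a permanent drop of both gid and uid that re-reads the ids to confirm the saved ids are gone too. It assumes Linux/glibc with setresuid()/setresgid(); the function names are made up for illustration.

```c
/* Added example (not GTK+/gnome-libs code); assumes Linux/glibc. */
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* glibc declares these only under _GNU_SOURCE; prototypes repeated here so
 * the file builds whatever feature-test macros are in effect. */
int getresuid(uid_t *r, uid_t *e, uid_t *s);
int getresgid(gid_t *r, gid_t *e, gid_t *s);
int setresuid(uid_t r, uid_t e, uid_t s);
int setresgid(gid_t r, gid_t e, gid_t s);

/* Same predicate as the quoted check: any real/effective/saved mismatch. */
int ids_look_privileged(uid_t ruid, uid_t euid, uid_t suid,
                        gid_t rgid, gid_t egid, gid_t sgid)
{
    return ruid != euid || ruid != suid || rgid != egid || rgid != sgid;
}

/* Apply the predicate to the calling process; -1 if the ids cannot be read. */
int process_looks_privileged(void)
{
    uid_t ru, eu, su;
    gid_t rg, eg, sg;
    if (getresuid(&ru, &eu, &su) != 0 || getresgid(&rg, &eg, &sg) != 0)
        return -1;
    return ids_look_privileged(ru, eu, su, rg, eg, sg);
}

/* Permanently drop to the real uid/gid. Group first: once the uid is no
 * longer privileged, changing the gid may not be permitted any more.
 * Returns 0 only if a re-read confirms all three ids of each kind match. */
int drop_privileges_permanently(void)
{
    uid_t uid = getuid();
    gid_t gid = getgid();
    if (process_looks_privileged() == 0) return 0;   /* nothing to drop */
    if (setresgid(gid, gid, gid) != 0) return -1;
    if (setresuid(uid, uid, uid) != 0) return -1;
    return process_looks_privileged() == 0 ? 0 : -1;
}

int main(void)
{
    if (drop_privileges_permanently() == 0)
        return 0;   /* safe to go on and initialise the toolkit */
    fprintf(stderr, "could not drop privileges, refusing to continue\n");
    return 1;
}
```

Supplementary groups are left alone here, as the quoted check does not look at them.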



